[strongSwan] (no subject)
Andreas Steffen
andreas.steffen at strongswan.org
Thu Oct 21 23:02:58 CEST 2010
Yeah, this is strange indeed. Have Elliptic Curves been enabled in
libcrypto.so-0.9.8e ? We know of some Linux distributions where this
hasn't been the case.
Regards
Andreas
On 21.10.2010 20:24, Michael Sneed wrote:
> Hi,
>
> I am having problems getting StrongSwan to use ECP algorithms. I built
> with:
>
> ./configure --prefix /usr --sysconfdir=/etc --libexecdir=/usr/libexec
> --enable-openssl
>
> But when I try to bring up a connection specifying:
>
> ike=aes128-sha256-ecp256!
> esp=aes128gcm16!
>
> I get:
>
> 002 "suiteB" #1: initiating Main Mode
> 002 "suiteB" #1: ike alg: dh group ECP_256 not present
> 003 "suiteB" #1: empty ISAKMP SA proposal to send (no algorithms for ike
> selection?)
>
> The openssl plugin appears to be loaded, as "ipsec statusall" shows:
>
> 000 loaded plugins: aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp
> dnskey pem openssl hmac gmp xauth attr resolve
>
> But the algorithms don't show up in "ipsec listalgs":
>
> 000 encryption: BLOWFISH_CBC 3DES_CBC AES_CBC CAMELLIA_CBC
> 000 integrity: HMAC_MD5 HMAC_SHA1 HMAC_SHA2_256 HMAC_SHA2_384
> HMAC_SHA2_512
> 000 dh-group: MODP_1024 MODP_1536 MODP_2048 MODP_3072 MODP_4096
> MODP_6144 MODP_8192 MODP_1024_160 MODP_2048_224 MODP_2048_256
>
> My kernel is 2.6.18 and I am using libcrypto.so.0.9.8e .
>
> What am I doing wrong?
>
> Regards,
>
> Mike
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list